BYOD risks and rewards

November 2016  |  FEATURE  |  RISK MANAGEMENT

Financier Worldwide Magazine

November 2016 Issue

In the increasingly tech-reliant corporate world, bring your own device (BYOD) policies are everywhere. Irrespective of job roles, from end users to IT staff, BYOD policies have made it easier and more convenient than ever before for employees to carry out corporate functions.

Smartphones, tablets and other connected devices have become ubiquitous not only in our personal lives but also in the modern corporate landscape. With the number of internet-connected devices due to reach around 20 billion by 2020, according to Gartner, it is clear that companies must ensure that they have robust and comprehensive BYOD policies in place if they are to reap the rewards offered by greater technological inclusivity. Indeed, according to an Ovum/Logicalis study – ‘BYOD: an emerging market trend in more ways than one’ – 79 percent of employees in high-growth markets believe the constant connectivity associated with BYOD enables them to do their jobs better.

However, though BYOD does offer companies a multitude of benefits, embracing the groundswell of personal consumer electronic devices in a corporate setting does expose companies to risk, not least of which are sacrificing a degree of control over their enterprise data access and determining which devices are able to access the company’s systems and sensitive data. By opening the BYOD floodgates, which so many employees now insist companies do, organisations also risk serious violations of privacy laws if adequate protections are not in place.

Furthermore, and perhaps most worryingly of all, 17.7 percent of the Ovum/Logicalis survey respondents who bring their own devices to work claim that their employer’s IT department is unaware of this behaviour, and that 28.4 percent of IT departments actively ignore BYOD behaviour altogether. Evidently, for many companies there is a disconnect in the way they handle BYOD policies. If companies are to mitigate BYOD risks and begin to enjoy the benefits, those policies must be part of a wider and more holistic approach to risk management generally, and cyber risk management specifically.

On a practical level, by allowing employees to bring their own mobile devices, laptops and tablets into the workplace, and allowing them to access the company’s internal networks, organisations also place a considerable burden on their IT professionals which many could do without. By no longer retaining full control of the company’s IT ecosystem, companies are forcing their IT staff to support a variety of end user devices across a spectrum of operating systems and security protocols.

A typical BYOD policy, however, does not just impact IT staff; it affects other departments, including HR and legal, which are needed to ensure that the policy remains aligned with the company’s wider risk management strategy as well as its roadmap for future success. Getting BYOD security wrong is a risky prospect which could be catastrophic for a business.

Though there are many practical concerns arising from the omnipresence of connected devices, perhaps the most obvious is cyber security. Given the tenacity and resourcefulness demonstrated by modern cyber criminals, it is imperative that companies take steps to ensure that devices utilised by their staff are safe and secure. The sad fact, however, is that many companies are falling short. But a degree of the responsibility must also be shared by the producers of electronic devices. According to a survey for ISACA’s 2015 IT Risk/Reward Barometer, 72 percent of security experts said that they do not feel device manufacturers are implementing sufficient security measures in IoT devices. In addition to this, 73 percent of experts believe that current security standards in the industry fail to address IoT-specific security concerns. ISACA’s survey also found that 56 percent of firms surveyed felt their organisation’s IT department is not aware of all its connected devices.

Given the potential size of the IoT, it is easy to become bogged down in the negatives of greater connectivity. But to appreciate the scale of these risks, it is important to keep in mind the advantages which can be gleaned from the IoT, of which there are plenty.

Many BYOD advocates claim that employing a BYOD policy can help their employees to be more productive. Furthermore, policies of this nature are believed to increase employee morale and convenience. A BYOD policy can also help companies to appear flexible and dynamic – all of which helps companies appear more attractive to potential employees.

Equally important are the financial benefits that can be gleaned with a comprehensive BYOD policy. Given that employees are becoming more reliant on their own technology in the workplace, companies can save on IT hardware costs. Breakage and wastage also decrease as employees would be liable to replace their own devices if they are damaged.

BYOD policies, like the IoT, are going to be around for a long time to come. For organisations, as well as their employees, applying and conforming to BYOD policies will be a tightrope walk. Missteps will be costly.

© Financier Worldwide


Richard Summerfield